Verify that services like login can use kerberised IDs and that the password works

Create a host principal keytab in Windows. Import it into UNIX.

Verify that kinit -k works

Edit /etc/krb5/krb5.conf to include “verify_ap_req_nofail = true” in the [libdefaults] section. This will secure the UNIX box to prove it is talking with the bonefide KDC.

Get Single-Sign-On working

1. Ldapsearch, unencrypted

ldapsearch on Linux is very similar but not identical to Solaris. Some of the command line options are subtly different. (eg the -x flag is required to use simple authentication, and URIs are supported)

Using the simple bind user, verify that lookups can be done using unencrypted LDAP. Not only will this return a record, but will also give the correct attribute name: